System and method employing an agile network protocol for secure communications using secure domain names

CAFC

US 8,850,009 B2
Filed: 06/06/2013
Issued: 09/30/2014
Est. Priority Date: 10/30/1998
Status: Expired due to Fees

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A network device, comprising:

a storage device storing an application program for a secure communications service; and

at least one processor configured to execute the application program for the secure communications service so as to enable the network device to;

send a domain name service (DNS) request to look up a network address of a second network device based on an identifier associated with the second network device;

receive, following interception of the DNS request and a determination that the second network device is available for the secure communications service;

(1) an indication that the second network device is available for the secure communications service, (2) the requested network address of the second network device, and (3) provisioning information for an encrypted communication link;

connect to the second network device over the encrypted communication link, using the received network address of the second network device and the provisioning information for the encrypted communication link; and

communicate data with the second network device using the secure communications service via the encrypted communication link,the network device being a device at which a user uses the secure communications service to access the encrypted communication link.

View all claims

1 Assignment

Timeline View

Assignment View

2 Petitions

Accused Products

Abstract

A network device comprises a storage device storing an application program for a secure communications service; and at least one processor configured to execute the application program enabling the network device to: (a) send a request to look up a network address of a second network device based on an identifier; (b) receive an indication that the second network device is available for the secure communications service, the indication including the requested network address of the second network device and provisioning information for a secure communication link; (c) connect to the second network device over the secure communication link, using the received network address of the second network device and the provisioning information for the secure communication link; and (d) communicate at least one of video data and audio data with the second network device using the secure communications service via the secure communication link.

283 Citations

25 Claims

1. A network device, comprising:
- a storage device storing an application program for a secure communications service; and
  
  at least one processor configured to execute the application program for the secure communications service so as to enable the network device to;
  
  send a domain name service (DNS) request to look up a network address of a second network device based on an identifier associated with the second network device;
  
  receive, following interception of the DNS request and a determination that the second network device is available for the secure communications service;
  
  (1) an indication that the second network device is available for the secure communications service, (2) the requested network address of the second network device, and (3) provisioning information for an encrypted communication link;
  
  connect to the second network device over the encrypted communication link, using the received network address of the second network device and the provisioning information for the encrypted communication link; and
  
  communicate data with the second network device using the secure communications service via the encrypted communication link,the network device being a device at which a user uses the secure communications service to access the encrypted communication link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The network device of claim 1, wherein the secure communications service includes an audio-video conferencing service, and the at least one processor is configured to execute the application program to communicate at least one of encrypted video data and audio data with the second network device via the encrypted communication link using the secure communications service.
  - 3. The network device of claim 1, wherein the secure communications service includes a telephony service.
  - 4. The system of claim 3, wherein the telephony service uses modulation.
  - 5. The network device of claim 4, wherein the modulation is based on one of frequency-division multiplexing (FDM), time-division multiplexing (TDM), or code division multiple access (CDMA).
  - 6. The network device of claim 1, wherein the network device is a mobile device.
  - 7. The network device of claim 1, wherein the identifier associated with the second network device is a domain name.
  - 8. The network device of claim 1, wherein the encrypted communication link is part of a virtual private network communication link.
  - 9. The network device of claim 1, wherein the virtual private network communication link is based on inserting into each data packet communicated over the virtual private network communication link one or more data values that vary according to a pseudo-random sequence.
  - 10. The network device of claim 1, wherein the indication that the second network device is available for the secure communications service is a function of the result of a domain name lookup.
  - 11. The network device of claim 1, wherein the encrypted communication link is an end-to-end link extending from the network device to the second network device.
  - 12. The network device of claim 1, wherein the interception of the DNS request consists of receiving the DNS request to determine that the second network device is available for the secure communications service.
  - 13. The network device of claim 1, wherein the interception of the DNS request occurs at another network device that is separate from the network device.

14. A method executed by a first network device for communicating with a second network device, the method comprising:
- sending a domain name service (DNS) request to look up a network address of a second network device based on an identifier associated with the second network device;
  
  receiving, following interception of the DNS request and a determination that the second network device is available for a secure communications service;
  
  (1) an indication that the second network device is available for the secure communications service, (2) the requested network address of the second network device, and (3) provisioning information for an encrypted communication link;
  
  connecting to the second network device over the encrypted communication link, using the received network address of the second network device and the provisioning information for the encrypted communication link; and
  
  communicating data with the second network device using the secure communications service via the encrypted communication link,the first network device being a device at which a user uses the secure communications service to access the encrypted communication link.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The method of claim 14, wherein the secure communications service includes a video conferencing service, and communicating includes communicating at least one of encrypted video data and audio data with the second network device via the encrypted communication link using the secure communications service.
  - 16. The method of claim 14, wherein the secure communications service includes a telephony service.
  - 17. The method of claim 14, wherein the telephony service uses modulation.
  - 18. The method of claim 17, wherein the modulation is based on one of frequency-division multiplexing (FDM), time-division multiplexing (TDM), or code division multiple access (CDMA).
  - 19. The method of claim 14, wherein the network device is a mobile device.
  - 20. The method of claim 14, wherein the identifier associated with the second network device is a domain name.
  - 21. The method of claim 14, wherein the encrypted communication link is part of a virtual private network communication link, and communicating with the second network device using the secure communications service includes inserting into data packets communicated over the virtual private network communication link one or more data values that vary according to a pseudo-random sequence.
  - 22. The method of claim 14, wherein the indication that the second network device is available for a secure communications service is a function of a domain name lookup.
  - 23. The method of claim 14, wherein the encrypted communication link is an end-to-end link extending from the first network device to the second network device.
  - 24. The method of claim 14, wherein the intercepting the DNS request consists of receiving the DNS request to determine that the second network device is available for the secure communications service.
  - 25. The method of claim 14, wherein the intercepting the DNS request occurs at another network device that is separate from the first network device.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Original Assignee
VirnetX Inc. (Virnetx Holding Corporation)
Inventors
Larson, Victor, Short, Robert Dunham III, Munger, Edmund Colby, Williamson, Michael
Primary Examiner(s)
Lim, Krisna

Application Number

US13/911,792
Publication Number

US 20130268683A1
Time in Patent Office

481 Days
Field of Search

709227-228, 709/225, 709/221, 709/229, 726/15
US Class Current

709/225
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/606   by securing the transmissio...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 2101/30   Types of network names

H04L 2101/604   Address structures or formats

H04L 41/00   Arrangements for maintenanc...

H04L 45/00   Routing or path finding of ...

H04L 45/24   Multipath

H04L 45/28   using route fault recovery

H04L 61/30   Managing network names, e.g...

H04L 61/3015   Name registration, generati...

H04L 61/35   involving non-standard use ...

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 61/5076   Update or notification mech...

H04L 61/5092   by self-assignment, e.g. pi...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/0407   wherein the identity of one...

H04L 63/0421 : Anonymous communication, i....

H04L 63/0428 : wherein the data content is...

H04L 63/0435 : wherein the sending and rec...

H04L 63/0478 : applying multiple layers of...

H04L 63/0485 : Networking architectures fo...

H04L 63/08 : for supporting authenticati...

H04L 63/0876 : based on the identity of th...

H04L 63/105 : Multiple levels of security

H04L 63/1408 : by monitoring network traff...

H04L 63/1416 : Event detection, e.g. attac...

H04L 63/1458 : Denial of Service

H04L 63/1466 : Active attacks involving in...

H04L 63/164 : at the network layer

H04L 63/168 : above the transport layer

H04L 67/14 : Session management for real...

H04L 67/141 : Setup of application sessio...

View All

System and method employing an agile network protocol for secure communications using secure domain names

First Claim

1 Assignment

2 Petitions

Accused Products

Abstract

283 Citations

25 Claims

Specification

115 Family Members

Thank you for your feedback